pgsql: Revoke PUBLIC CREATE from public schema, now owned by pg_databas
| От | Noah Misch |
|---|---|
| Тема | pgsql: Revoke PUBLIC CREATE from public schema, now owned by pg_databas |
| Дата | |
| Msg-id | E1mOaBy-0006mH-1P@gemulon.postgresql.org обсуждение исходный текст |
| Ответы |
Re: pgsql: Revoke PUBLIC CREATE from public schema, now owned by pg_databas
|
| Список | pgsql-committers |
Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner. This switches the default ACL to what the documentation has recommended since CVE-2018-1058. Upgrades will carry forward any old ownership and ACL. Sites that declined the 2018 recommendation should take a fresh look. Recipes for commissioning a new database cluster from scratch may need to create a schema, grant more privileges, etc. Out-of-tree test suites may require such updates. Reviewed by Peter Eisentraut. Discussion: https://postgr.es/m/20201031163518.GB4039133@rfd.leadboat.com Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/b073c3ccd06e4cb845e121387a43faa8c68a7b62 Modified Files -------------- contrib/postgres_fdw/expected/postgres_fdw.out | 2 +- contrib/postgres_fdw/sql/postgres_fdw.sql | 2 +- doc/src/sgml/ddl.sgml | 56 ++++++++++++++------------ doc/src/sgml/user-manag.sgml | 19 ++++----- src/bin/initdb/initdb.c | 3 +- src/bin/pg_dump/pg_dump.c | 28 ++++++++----- src/bin/pg_dump/t/002_pg_dump.pl | 19 ++++----- src/include/catalog/catversion.h | 2 +- src/include/catalog/pg_namespace.dat | 2 +- src/pl/plperl/expected/plperl_setup.out | 4 ++ src/pl/plperl/sql/plperl_setup.sql | 4 ++ src/test/regress/input/tablespace.source | 5 ++- src/test/regress/output/tablespace.source | 4 +- 13 files changed, 86 insertions(+), 64 deletions(-)
В списке pgsql-committers по дате отправления: